Natwest Bank

Garreg Ddu

Gweinyddwr
Staff member
X-SID-PRA: NatWest <accounts.customer@nwolb.com>
Received: from [75.70.44.35] (account mikeandevy@bresnan.net HELO User) by fe-4.cluster1.bresnan.net (CommuniGate Pro SMTP 5.1.16) with ESMTPA id 650477247; Wed, 14 Jan 2009 08:00:21 -0700

Origin IP Address = 75.70.44.35 = Comcast Cable Communications Holdings, Inc COLORADO-24, Colorado Springs, Colorado, United States

From: "NatWest"<accounts.customer@nwolb.com>
Subject: NatWest: Important Service Message
Date: Wed, 14 Jan 2009 15:00:16 -0000
Bcc:
Return-Path: accounts.customer@nwolb.com



Dear Banking Member,

Due to the high number of fraud attempts and phishing scams, it has been decided to implement EV
SSL Certification on this Internet Banking website.

The use of EV SSL certification works with high security Web browsers to clearly identify whether
the site belongs to the company or is another site imitating that company's site.

It has been introduced to protect our clients against phishing and other online fraudulent activities.
Since most Internet related crimes rely on false identity, NatWest went through a rigorous validation
process that meets the Extended Validation guidelines.

Please update your account to the new EV SSL certification by Clicking here. The Phishing site, on a server in Korea, has been removed by the hosts already, having been reported by NetCraft, McAfee SiteAdvisor and Safari Phishing filter.
Thank you.
NatWest
© Online Customer Service: 1998 - 2008

(Do not reply to this email. NatWest retains the right to send you periodic updates on alerts and services).
 

Garreg Ddu

Gweinyddwr
Staff member
Identical message text to post #3, but different IP origin and timing.

X-SID-PRA: NatWest Alerts <accounts.customer@nwolb.com>
Received: from User ([71.97.211.115]) by vms173005.mailsrvcs.net (Sun Java System Messaging Server 6.2-6.01 (built Apr 3 2006)) with ESMTPA id <0KDI00I9XTNSZSX0@vms173005.mailsrvcs.net>; Thu, 15 Jan 2009 10:28:23 -0600 (CST)

Origin IP Address = 71.97.211.115 = Verizon Internet Services Inc., 1880 Campus Commons Dr, Reston, VA 20191, US

Date: Thu, 15 Jan 2009 16:27:48 +0000
From: "NatWest Alerts"<accounts.customer@nwolb.com>
Subject: NatWest: Important Message
To: Undisclosed recipients: ;
Return-Path: accounts.customer@nwolb.com


Dear Banking Member,

Due to the high number of fraud attempts and phishing scams, it has been decided to implement EV
SSL Certification on this Internet Banking website.

It has been introduced to protect our clients against phshing and other online fraudulent activities.
Since most Internet related crimes rely on false identity, NatWest went through a rigorous validation
process that meets the Extended Validation guidelines.

Please update your account to the new EV SSL certification by Clicking here.
The Phishing site, which was on a server in Korea, is the same as the one in post #3, already found and deleted by the hosts.
Thank you.
NatWest
©2009 Online Customer Service

(Do not reply to this email. NatWest retains the right to send you periodic updates on alerts and services).
 

bitingontinfoil

New Member
Another NATWEST

This is one I've received today. Please note I am copying & pasting it *exactly* as I rec'd it - coding & all LOL

From Natwest INC
Return-Path: <service@natwest.co.uk>
Authentication-Results: mta134.mail.re4.yahoo.com from=natwest.co.uk; domainkeys=neutral (no sig)
Received: from 203.138.229.2 (HELO in8.smartave.ne.jp) (203.138.229.2)
by mta134.mail.re4.yahoo.com with SMTP; Sun, 11 Jan 2009 12:39:48 -0800
Received: (qmail 6527 invoked by SAV 20090111.025 by uid 0); 12 Jan 2009 05:39:44 +0900
Received: from unknown (HELO User) (admin@209.203.23.70)
by in8.smartave.ne.jp (203.138.229.82) with SMTP; 12 Jan 2009 05:39:44 +0900
Reply-To: <service@natwest.co.uk>
From: "Natwest INC"<service@natwest.co.uk>
Subject: Update Natwest Accounts
Date: Sun, 11 Jan 2009 22:39:49 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
Content-Length: 2213

<html>
<head>
<style type="text/css">
<!--
body { font-family: tahoma, helvetica, sans-serif; font-size: 10pt; color: black; background: ;}
td {font-size: 10pt;}
}-->
</style>
</head>
<body>
<center>
<table style="border-collapse: collapse" bordercolor="" cellpadding=2 cellspacing=2 width=650 border=1 bordercolor=#000000>
<td>
<table bgcolor="rgb(0,0,51)" cellpadding=0 cellspacing=0 width=650>
<tr><td width=175><img src=https://www.nwolb.com/brands/NWB/images/nav_natwest_logo.gif></td>
<td> </td>
</tr>
</table>
<center>
<table width=600 cellpading=4 cellspacing=5>
<tr>
<td align=justify>
<br><b>National Westminster Bank</b> has been receiving complaints
from our customers for unauthorised use of the Natwest Online accounts.
As a result we periodically review Natwest Online Accounts and temporarily restrict access of those accounts which we think are vunerable to the unauthorised use.<br>
<br>This message has been sent to you from National Westminster Bank because we have noticed invalid login attempts into your account, due to this we are temporarily limiting and restricting your account access until we confirm your identity.<br><br>
<br>

To confirm your identity and remove your account limitation please following the link below.<br><br><br>
<table bgcolor=#7474AA width=600 cellpadding=0 cellspacing=0>
<td width=40> </td>
<td><a href=http://www.sysmail.myxfree.net/natwes.html><img border=0 src=http://www.natwest.com/images/buttons/login.gif></a></td>
</table>
<br><br>
</td>
</tr>
</table>
<table width=600 cellpadding=0 cellspacing=0>
National Westminster Bank is committed to ensure the safeguard of
each customer's personal information, making sure only authorised individuals
have access to their accounts. It is all about your security.
</table>
<P><FONT size=1>Accounts Management As outlined in our
User Agreement, Natwest will <BR>
periodically send you information about site changes and
enhancements. </FONT></P>
<P><FONT size=1>Visit our Privacy Policy and User
Agreement if you have any questions. <BR>
</FONT><FONT color=#003399
size=1> http://www.Natwest.com/help/index.jhtml</FONT></A></P>
</td></table>
</body>
</html>
 
Last edited by a moderator:

Garreg Ddu

Gweinyddwr
Staff member
Another nasty criminal hiding behind an anonymous site registration. Hell is too good for these scum.

X-SID-PRA: NatWest Online Banking <securityupdate@nwolb.com>
Received: from cdinc ([216.144.229.170]) by col0-mc3-f14.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Thu, 29 Jan 2009 13:25:41 -0800

Origin IP Address = 216.144.229.170 = securedprivatenetwork, 1740 East Garry Ave, Suite 234, Santa Ana, CA 92705, US

To: ********@hotmail.com
Subject: Security Update Needed On Your Online Account
From: NatWest Online Banking <securityupdate@nwolb.com> Reply-To: Date: Thu, 29 Jan 2009 13:15:45 -0800 (PST)
Return-Path: www-data@cdinc.local


NatWest is constantly seeking to improve the service that it offers to its customers. Every time you log on to our online service, we check to ensure that your current browser and computer settings will give the required level of performance and security.

Our SSL shows that the browser you used, the last time you accessed your online account has been flagged as unsecured browser which may leads your online security details to the third party. However we cannot guarantee optimal performance and security. We here by implore you to reconfirm and reset your security details on our secure database. Simply follow the step to proceed:

https://www.natwest.com/CustomerResets/rurAuthenticateUser.aspx Note the use of an "https" on the fake re-direct. The site is active still, but is in NetCraft, McAfee SiteAdvisor and Safari Phishing filter.

Should you have any further questions, please contact our e-commerce support line between the hours of 7am and 11pm, 7 days a week.
 

Garreg Ddu

Gweinyddwr
Staff member
A new message text format, but the same Phishing scam still!

X-SID-PRA: Natwest Online Banking <customercare@nwolb.com>
Received: from gs28.inmotionhosting.com ([205.134.252.23]) by bay0-mc11-f10.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2668); Thu, 29 Jan 2009 04:33:02 -0800

Origin IP Address = 205.134.252.23 = InMotion Hosting, 2211 Corinth Ave, Suite 100, Los Angeles, CA 90064, US

To: ********@hotmail.com
Subject: Natwest Bank-Account Ownership Verification
From: Natwest Online Banking <customercare@nwolb.com>
Reply-To:
Date: Thu, 29 Jan 2009 04:33:01 -0800
Return-Path: nobody@gs28.inmotionhosting.com




Dear Valued Natwest Customer,
Days ago, our online banking security team has observed multiple logons on your account, from different blacklisted IP's, that's why we have issued this security warning to help prevent all unauthorized access for your safety We have decided to put an extra verification process.

To ensure your identity and your account security. Please click on Sign in to Secure Your Online Access to continue to the verification process. (Failure to Secure your account details may lead to account disconnection)
The Phishing site is active still, but has been reported to NetCraft, McAfee SiteAdvisor and Safari Phishing Filter.


Thank you.
Online Security Team
Natwest Online Banking
© 2009 All Rights Reserved
 

Garreg Ddu

Gweinyddwr
Staff member
Another one from West Coast USA - using the same script as in an earlier attempt.

X-SID-PRA: NatWest Online Banking <customer-service@nwolb.com>

Received: from vps1250.managemyvps.com ([66.11.236.250]) by col0-mc3-f22.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Sat, 7 Feb 2009 09:03:10 -0800

Origin IP Address = 66.11.236.250 = DOTSTER INC., 8100 NE PARKWAY DR, FLOOR 3, VANCOUVER, WA 98662, US

Date: 7 Feb 2009 08:02:36 -0800
Message-ID: <20090207160236.26238.qmail@vps1250.managemyvps.com>
To: ********@hotmail.com
Subject: Security Update Needed On Your Online Account
From: NatWest Online Banking <customer-service@nwolb.com>
Reply-To:



NatWest is constantly seeking to improve the service that it offers to its customers. Every time you log on to our online service, we check to ensure that your current browser and computer settings will give the required level of performance and security.

Our SSL shows that the browser you used, the last time you accessed your online account has been flagged as unsecured browser which may leads your online security details to the third party. However we cannot guarantee optimal performance and security. We here by implore you to reconfirm and reset your security details on our secure database. Simply follow the step to proceed:

https://www.natwest.com/CustomerResets/rurAuthenticateUser.aspx The actvie phishing site has been reprted to NetCraft and is flagged already by IE Phishing filter.

Should you have any further questions, please contact our e-commerce support line between the hours of 7am and 11pm, 7 days a week.
 

Garreg Ddu

Gweinyddwr
Staff member
X-SID-PRA: NatWest Bank Plc. <internetbanking@natwest.co.uk>
Received: from unknown (HELO webserver1) (92.43.96.66) by fixcrlf.mail.vim.at with SMTP; 8 Feb 2009 11:11:06 -0000

Origin IP Address = 92.43.96.66 = ViM Hostmaster, ViM Internetdienstleistungen GmbH, Kaerntner Strasse 17/13, A-1010 Wien, Austria

Date: Sun, 08 Feb 2009 12:13:18 Ä0100
Subject: Last Time Reminder: Your Access Could Be Revoked
To: ********@hotmail.com
From: NatWest Bank Plc. <internetbanking@natwest.co.uk>
Reply-To:
Return-Path: webserver@domainplanet.at




Be informed that the access to your Account has been temporarily suspended due to some errors in your personal information and security details. We recently notified you through online message centre but you did not take action.This message serves as last reminder. To re-activate your account, you are adviced to follow the procedures below.


1. Click https://www.natwest.co.uk/security/customer/secureserver/logon? youraccounts and Log in.
A sneaky one, note the "https" secure site prefix. The site has been hacked into a server at MIT and has been entered into NetCraft, IE and Safari Phishing filters and MIT web-hosts.

2. Update Your Personal Information.


The update process is completed and your account will be activated immediately. Do not forget to sign out when you are done.


Thanks for helping us to serve you better.


NatWest Online Security Team .
 

Garreg Ddu

Gweinyddwr
Staff member
Such a pity .....

Oh dear, the hacked Phishing pages on the MIT web-site in the previous post seem to have been removed :pound: ;)
 

Garreg Ddu

Gweinyddwr
Staff member
Same message text as in posts #6 and #8, but different origin IP address and email address.

X-SID-PRA: NatWest Online Banking <securityupdate@nwolb.com>
Received: from paul.a1webserver.com ([69.16.226.60]) by COL0-MC1-F6.Col0.hotmail.com with Microsoft SMTPSVC(6.0.3790.3959); Fri, 30 Jan 2009 12:23:09 -0800

Origin IP Address = 69.16.226.60 = Liquid Web, Inc., 4210 Creyts Rd., Lansing, MI 48917, US

Received: from donk8063 by paul.a1webserver.com with local (Exim 4.63) (envelope-from <donk8063@paul.a1webserver.com>) id 1LSztZ-0006F2-2s for ********@hotmail.com; Fri, 30 Jan 2009 15:23:21 -0500
To: ********@hotmail.com
Subject: Security Update Needed On Your Online Account
From: NatWest Online Banking <securityupdate@nwolb.com>
Reply-To:
Date: Fri, 30 Jan 2009 15:23:21 -0500
Return-Path: [donk8063@paul.a1webserver.com]


............
identical text to posts #6 and #8 omitted
...........


https://www.natwest.com/CustomerResets/rurAuthenticateUser.aspx The Phishing site has been removed already.


Should you have any further questions, please contact our e-commerce support line between the hours of 7am and 11pm, 7 days a week.
 

Dick H Box

Samurai
Natwest Bank Message Center


This is a phishing email from a scammer.

You Have One New Message
Thursday, 18 June, 2009 1:46 AM
From Natwest Bank Message Center Thu Jun 18 00:46:12 2009
Return-Path: <messagecenter@natwest.co.uk>
Authentication-Results: mta149.mail.ukl.yahoo.com from=natwest.co.uk; domainkeys=neutral (no sig); from=natwest.co.uk; dkim=neutral (no sig)
Received: from 217.146.188.61 (HELO smtp801.mail.ird.yahoo.com) (217.146.188.61) by mta149.mail.ukl.yahoo.com with SMTP; Thu, 18 Jun 2009 00:49:27 +0000
Received: (qmail 97341 invoked from network); 18 Jun 2009 00:49:27 -0000
Received: from unknown (HELO elizabeth748) (messagecenter@95.154.201.67 with login) by smtp801.mail.ird.yahoo.com with SMTP; 18 Jun 2009 00:49:25 -0000
From:
"Natwest Bank Message Center"<messagecenter@natwest.co.uk>
Add sender to Contacts
Subject: You Have One New Message
Date: Thu, 18 Jun 2009 01:46:12 +0100
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
Content-Length: 2362

NextWeb Output:
217.146.188.61 UNITED KINGDOM Routing
217.146.188.61 UNITED KINGDOM Routing
95.154.201.67 SPAIN Probable Origin IP

(Truncated) DNS Stuff.com output:
inetnum: 95.154.201.0 - 95.154.201.255
netname: Rapidvpn-1
descr: Rapidvpn
country: GB
admin-c: PS9120-RIPE
tech-c: PS9120-RIPE
status: ASSIGNED PA
mnt-by: RAPIDSWITCH-MNT
changed: *****@rapidswitch.com 20090312
source: RIPE

MESSAGE CENTER

My Messages,

A New message of deposition has been sent into your Natwest online Message Center and here is an alert to inform you that you have 1 new message from Natwest Message Center.

Natwest customers may use this service to contact us with enquiries regarding your accounts or the products and services we offer. From time to time, we will also use 'My messages' to contact you. This may be in relation to existing products and services which you have with us or to keep you informed of enhancements to our products and services. Be sure to check 'My messages' regularly for any new messages. 'My messages' will only retain 10 messages so you may want to delete those you do not need.

Click to view your "1 New Message": Click to View

Accounts Management As outlined in our User Agreement, Natwest will
periodically send you information about site changes and enhancements.

Visit our Privacy Policy and User Agreement if you have any questions.
http://www.Natwest.com/help/index.jhtml

The "Message" as it loaded into my browser.
The following points should be noted;
1/.The first paragraph has an odd syntax & grammar. It's not how a native UK English speaker would write it.
(Also, "Center" has the American English spelling, although this may be Natwest's house-style. Centre is the correct UK spelling.)
2/. Note the poor lay-out of the line containing the log-in button.
3/. The URL for the Natwest help-page didn't work either.




The link in the "Message" resolves to:

[http://www.servicos24.com/Login/www.natwest.co.uk/online/default.php?refererident=29D46E&3F9236B44B3170FA17BB9739036F896327&cookieid=41&noscr=false&CookieCheck=2009-06-18T10:24:44]

Which is not Natwest's log-in URL.
Please note the lack of an "HTTPS" prefix, a clear sign that this is NOT a secure log-in page. This is the phishers log-in page.

Only the text-areas & the "Next" button work. It is a clone of the real Natwest page, with missing paragraphs.




This is the page you get to if you leave the text-areas blank & hit "Next":
[http://www.servicos24.com/Login/www.natwest.co.uk/online/default.php?refererident=6BD035&3F9236B44B3170FA17BB9739036F896327&cookieid=21&noscr=false&CookieCheck=2009-06-18T.10:24:45]



Again, a clone of the real thing, with bits missing.
 
Last edited by a moderator:

Dick H Box

Samurai

Annielee

Samurai
NatWest Bank Plc / <onlineservice@natwest.co.uk>

from NatWest Bank Plc <onlineservice@natwest.co.uk>
date Fri, Nov 6, 2009
subject You have One new message

Dear Customer,

You Have One new security message from NatWest Customer Relations service regarding your Last Security Upgrade.

Log in

Yours sincerely,
Online Customer Service
Received: from nobody by node.proxima.com.ua
Return-Path: <nobody@node.proxima.com.ua>
 

Sphinx

Administrator
Staff member
From NatWest Online
Return-Path: <pjmovj@yahoo.com>
Received: from 203.162.1.137, Vietnam, VietNam Data Communication Company, [abuse@vdc.com.vn]
Reply-To: [pjmovj@yahoo.com]
From: NatWest Online<pjmovj@yahoo.com>
Subject: NatWest Bank plc - iBanking Online Alert
Date: Fri, 20 Nov 2009
Return-Path: [pjmovj@yahoo.com]

Dear NatWest Online Banking Customer,

We detected irregular activity on your NatWest Check Card on 20 November, 2009.

As the Primary Contact, you must verify your account activity before you can continue using

your card, and upon verification, we will remove any restrictions placed on your account.

To review your account as soon as possible please click on the link below:

https www nwolb com/default.aspx?refererident/verification [Links to: nyatapol com]

Thank you for using NatWest Bank Online.

We appreciate your business and the opportunity to serve you.

Please do not reply to this e-mail as this is only a notification. Mail sent to this address cannot be answered.
 

L.mokarabia

New Member
NatWest, 2010

I have receive sever messages from this address. any one now them beware of this.

Natwest Online Banking - Access Suspended : National Westminster Bank Plc to you (bcc) - 11 hrs ago More Details


-----Original Message-----
From: National Westminster Bank Plc <onlineservice@nwolb.com>
Sent: Fri, May 7, 2010 11:24 am
Subject: Natwest Online Banking - Access Suspended :

Dear Valued Customer,

Access to your Online Banking has been Suspended.


This is Due to our New System Data Upgrade.

Click here:- To Activate Your Account.
 

Annielee

Samurai
Natwest Bank, Online Banking Access Expiry Notices :-

from National Westminster Bank Plc <philmcd@philmcd.cnc.net>
date Fri, May 21, 2010
subject National Westminster Bank - Online Banking Access Expiry Notices :-
mailed-by philmcd.cnc.net

NatWest Online Banking.

Natwest Online Banking Access Expiry Notice :-

Please note that Your Natwest Bank Account is about to expire.

In order for it to remain Active, please Use the Link below to Activate and get Unlimited Access on your Online Banking.

Click here - Activate Your Account.
Return-Path: <philmcd@philmcd.cnc.net>
Received: from User (unknown [12.148.42.2]) (Authenticated sender: [philmcd@philmcd.cnc.net) by renown.cnc.net
 

Nanook

Administrator
Staff member
Return-Path: [httpd@web3.uk.assimilatedservers.net]
Received: from 41.202.18.249, Ghana, Ghana, Zipnet Wireless Broadband Dynamic Pool
Abuse: Broadband Home Ltd, G Ofori-Som, 34, Independence Ave, East Ridge, PO Box CT 2033 Lantoment, Accra, Ghana, phone: +233 21 780 361. fax: +233 21 780 381, e-mail: [gofori@myzipnet.com]

Date: Sun, 31 Oct 2010
Subject: Your Account Has Been Blocked
From: NATWEST BANK [customer-service@natwest.co.uk]
Reply-To:

Dear NatWest Customer,

Your account registered with NATWEST BANK ACCOUNT has been LOCKED due to incorrect account information.

This account will remain locked until correct information is received. To correct your account information please follow the information below.

1. Click here to Update
2. Enter the required information, and update the account information
3. You must login after the information

Thank you for banking with Us

Customer Service
NatWest Banking Plc.
 

Templar

Super Moderator
https://nwolb.com - legit

email: onlineservice@nwolb.com - Does not exist.

Validating onlineservice@nwolb.com...
Validation results
confidence rating: 2 - DNS

error at level 3: TimedOut - Socket operation did not finish within the required time span. (WSAETIMEDOUT)
canonical address: <onlineservice@nwolb.com>
MX records
preference exchange IP address (if included)
0 nwolb.com [155.136.72.107]



I have receive sever messages from this address. any one now them beware of this.

Natwest Online Banking - Access Suspended : National Westminster Bank Plc to you (bcc) - 11 hrs ago More Details


-----Original Message-----
From: National Westminster Bank Plc <onlineservice@nwolb.com>
Sent: Fri, May 7, 2010 11:24 am
Subject: Natwest Online Banking - Access Suspended :

Dear Valued Customer,

Access to your Online Banking has been Suspended.


This is Due to our New System Data Upgrade.

Click here:- To Activate Your Account.
 

Central Scrutinizer

Administrator
Staff member
Return-Path: <OnlineBanking@information.natwest.com>
Received: from 139.230.225.74, Australia, Edith Cowan University
From: NatWest <OnlineBanking@information.natwest.com>
Subject: Information
Date: Sat, 1 Jan 2011

NatWest

Personal safety

Your identity and personal details are very important for a variety of reasons.
If these are compromised by criminals,

you may only discover financial crime when you receive letters seeking repayment of debts you haven't incurred, or you find an unexplained credit in your bank account.

It can take a lot of time and patience to resolve such issues - and your credit rating may be affected as a result.

Just follow these simple steps to protect yourself

Internet support team

Disclaimer
This email was sent from a notification-only address that does not accept email replies. Please do not reply directly to this email. Many internet users have recently been targeted through bogus emails by fraudsters claiming to be from the bank. These emails ask customers to provide their internet banking security details in order to reactivate their account or verify an email address. Please be on your guard against emails that request any of your security details. If you receive an email like this you should not respond. Please remember that, for security reasons, apart from when you create them at registration or when you change your Internet PIN or Password, we will only ever ask you to enter random characters from your Internet PIN and Password when you logon to this service. We would never ask you, by email, to enter (or record) these details and we would therefore request that you do not respond to emails asking for this information.

Legal Information
This email message is confidential and for use by the addressee only. If the message is received by anyone other than the addressee, please delete the message from your computer. Internet emails are not necessarily secure. National Westminster Bank plc does not accept responsibility for changes made to this message after it was sent.

Whilst all reasonable care has been taken to avoid the transmission of viruses, it is the responsibility of the recipient to ensure that the onward transmission, opening or use of this message and any attachments will not adversely affect its systems or data. No responsibility is accepted by National Westminster Bank plc in this regard and the recipient should carry out such virus and other checks as it considers appropriate.

National Westminster Bank plc. Registered in England and Wales (Registered Number 929027)
Registered Office: 135 Bishopsgate, London EC2M 3UR.

Authorised and regulated by the Financial Services Authority.
 

Wonderwoman

Samurai
National Westminster Bank Plc" <online@natwest.co.uk

X-Originating-IP: [70.77.224.41]
City Prince George
State or Region British Columbia
Country Canada
ISP Shaw Communications Inc.
Latitude & Longitude 53.918480 -122.776584 MapG MapV
IMPORTANT - Customer Service Message
Tuesday, 12 April, 2011 11:42
From:
"National Westminster Bank Plc" <online@natwest.co.uk>

Message contains attachments
1 File (12KB) DO NOT OPEN HAS MALWARE

Dear Valued Customer:

Natwest Online: Temporary Limited Your Account.
Reason: Account Verification.
We require you to complete an account update so we can unlock your account.

To start the Unlock process, We have sent you an attachment which contains all the necessary steps in order to restore your account access. Download and open it in your browser.

After we have gathered the necessary information, you will regain full access to your account.

Once you have completed the process, we will send you an email notifying that your account is available again. After that you can access your account online at any time.

The information provided will be treated in confidence and stored in our secure database.

If you fail to provide required information your account will be automatically deleted from Our online database.

Online Banking Security Team,
National Westminster Bank Plc.
(c)2011 All Rights Reserved.
 
Top